Alerts and Advisories

Unprotected Storage of Credentials vulnerability has been discovered in Siemens' Equipment- SIMATIC STEP 7 (TIA Portal).
Successful exploitation of this vulnerability could allow an attacker to reconstruct passwords.

Resource Exhaustion vulnerability has been discovered in Siemens' Equipment- SIMATIC S7.
Successful exploitation of this vulnerability could result in a denial-of-service condition that could
result in a loss of availability of the affected device.

Cross-site Scripting vulnerability has been discovered in Siemens' Equipment- SCALANCE S.
If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection (XSS).

Code Injection vulnerability has been discovered in Siemens' Equipment- SIMATIC Panels and SIMATIC WinCC.
Successful exploitation of this vulnerability could allow an attacker with network access to the web server to perform
an HTTP header injection attack.

Improper Input Validation vulnerability has been discovered in Siemens' Equipment- S7-400 CPUs.
Successful exploitation of these vulnerabilities could crash the device being accessed which may
require a manual reboot or firmware re-image to bring the system back to normal operation.

Improper Access Control vulnerability has been discovered in Siemens' Equipment- IEC 61850 system configurator, DIGSI 5,
DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC. Successful exploitation of this vulnerability could allow a
remote attacker to exfiltrate limited data from the system or execute code with operating system user permissions.

Weak Password Requirements vulnerability has been discovered in Philips' Equipment- iSite and IntelliSpace PACS.
Successful exploitation of this vulnerability may allow an attacker with local network access to impact confidentiality,
integrity, and availability of a component of the system.

Multiple vulnerabilities such as Authentication Bypass Using an Alternate Path or Channel,
Insufficiently Protected Credentials have been discovered in Circontrol's Equipment- CirCarLife.
Successful exploitation of these vulnerabilities could allow a remote attacker to retrieve credentials
stored in clear text to bypass authentication, and see and access critical information.

DLL hijacking vulnerability has been discovered in Schneider Electric's Equipment- Software Update (SESU).
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.

Cross-site Scripting vulnerability has been discovered in GEOVAP's Equipment- Reliance 4 SCADA/HMI.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to use an HTTP proxy to
inject arbitrary JavaScript in a specially crafted HTTP request that may reflect it back in the HTTP response.

Authentication Bypass by Capture-Replay vulnerability has been discovered in Telecrane's Equipment- F25 Series.
Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands,
control the device, or stop the device from running.

Multiple vulnerabilities such as Stack-based Buffer Overflow, External Control of File Name or Path, Improper
Privilege Management, Path Traversal have been discovered in Advantech's Equipment- WebAccess.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access files
and perform actions at a privileged level, or delete files on the system.

Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a Memory Buffer,
Out-Of-Bounds Read, Use-After-Free, Incorrect Type Conversion or Cast vulnerabilities have been discovered
in Omron's Equipment- CX-Supervisor. Successful exploitation of these vulnerabilities could allow an
attacker to execute code under the context of the application, corrupt objects, and force the application
to read a value outside of an array.

Multiple vulnerabilities such as Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Credentials vulnerabilities have been discovered in NUUO's Equipment- CMS.
Successful exploitation of these vulnerabilities could result in arbitrary remote code execution.

Unsafe ActiveX Control Marked Safe For Scripting vulnerability has been discovered in GE's Equipment- Gigasoft component of iFix.
Successful exploitation of this vulnerability could cause a buffer overflow condition.

Denial of Service from improper input validation vulnerability has been discovered in Siemens' Equipment- SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller.
An attacker with network access to the PLC may be able to cause a denial-of-service condition on the network stack.

Uncontrolled Search Path Element vulnerability has been discovered in Fuji Electric's Equipment- Fuji Electric Energy Savings Estimator.
Successful exploitation of this vulnerability may allow an attacker to load a malicious DLL and execute code on the affected system with
the same privileges as the application that loaded the malicious DLL.

CSRF vulnerability has been discovered in Siemens' Equipment- SIMATIC S7-1200 CPU Family Version 4.
Successful exploitation of this vulnerability could allow a CSRF attack if an unsuspecting user is tricked into accessing a malicious link.

Multiple vulnerabilities such as Stack-based Buffer Overflow, Out-of-Bounds Write, Information Exposure Through XML External Entity Reference,
Out-of-Bounds Read have been discovered in WECON's Equipment- PI Studio. Successful exploitation of these vulnerabilities may allow remote
code execution, execution of code in the context of an administrator, read past the end of an allocated object or allow an attacker to disclose
sensitive information under the context of administrator.

Information Exposure Through an Error Message vulnerability has been discovered in Change Healthcare's Equipment- PeerVue Web Server.
Successful exploitation of this vulnerability could allow an attacker to obtain technical information about the PeerVue Web Server,
allowing an attacker to target a system for attack.

Information Exposure Through an Error Message vulnerability has been discovered in Carestream's Equipment- Carestream Vue RIS.
An attacker with access to the network of the affected system can passively read traffic.

Multiple vulnerabilities such as Improper Authentication, Information Exposure Through Query Strings in GET Request have been discovered in Delta Electronics' Equipment- EMG 12.
Successful exploitation of these vulnerabilities may allow attackers to gain unauthorized access and could allow the ability to change device configuration and settings.

Stack-based Buffer Overflow vulnerability has been discovered in Delta Electronics' Equipment- ISPSoft.
Successful exploitation of this vulnerability could allow an attacker to execute code under the context of the application.

Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow,
Resource Exhaustion have been discovered in Rockwell Automation's Equipment- RSLinx Classic.
Successful exploitation of these vulnerabilities could crash the device being accessed or allow arbitrary code execution on the device.

Missing Authentication for Critical Function vulnerability has been discovered in Tec4Data's Equipment- SmartCooler.
Successful exploitation of this vulnerability could cause the device to shut down by exploiting missing authentication for a critical function.

Stack-based Buffer Overflow vulnerability has been discovered in WECON's Equipment- PLC Editor.
Successful exploitation of this vulnerability could result in unauthorized code execution within the current process.

Improper Privilege Management vulnerability has been discovered in Honeywell's Equipment- Mobile Computers.
A vulnerability in a system service on CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and EDA series mobile
computers running the Android Operating System (OS) could allow a malicious third-party application to gain elevated privileges.

Classic Buffer Overflow vulnerability has been discovered in Fuji Electric's V-Server Lite Equipment.
Successful exploitation of this vulnerability could allow a remote attacker to view sensitive information and disrupt the availability of the device.

Improper Input Validation vulnerability has been discovered in Siemens' SCALANCE X Switches Equipment.
Successful exploitation of this vulnerability could allow an attacker with network access to the device to cause a denial-of-service condition.

Improper Access Control vulnerability has been discovered in Siemens' SIMATIC WinCC OA Equipment.
Successful exploitation of this vulnerability could allow an unauthenticated remote user to escalate their privileges in the context of the program.

Uncontrolled Search Path Element vulnerability has been discovered in Siemens' TD Keypad Designer Equipment.
Successful exploitation of this vulnerability could allow a local low-privileged attacker to escalate their privileges.

Multiple vulnerabilities such as Improper Authentication, Unprotected Storage of Credentials have been discovered in
Ice Qube's Equipment- Thermal Management Center. Successful exploitation of these vulnerabilities could allow an
attacker to gain unauthorized access to configuration files or obtain sensitive information.

Stack-based Buffer Overflow vulnerability has been discovered in
Opto22's Equipment- PAC Control Basic and PAC Control Professional.
Successful exploitation of this vulnerability could crash the device
being accessed, and a buffer overflow condition may then allow remote code execution.

Improper Authentication vulnerability has been discovered in ABB's eSOMS Equipment.
Successful exploitation of this vulnerability requires an attacker to discover a valid user account,
which could be used to gain access to the application without authentication.

Improper Authentication vulnerability has been discovered in BD's Equipment- Alaris GS, Alaris GH, Alaris CC, Alaris TIVA.
Successful exploitation of this vulnerability may allow a remote attacker to gain unauthorized access to various Alaris
Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.

Resource Exhaustion vulnerability has been discovered in Philips's Equipment- Philips IntelliVue Information Center iX.
Successful exploitation of this vulnerability may result in a denial of service: the operating system will become unresponsive
due to the network attack, which will affect the application's ability to meet the intended use.

Stack-based Buffer Overflow vulnerability has been discovered in Yokogawa's Equipment- iDefine, STARDOM, ASTPLANNER, and TriFellows.
Successful exploitation of this vulnerability may allow arbitrary code execution, or the stopping of the license management function.

Multiple vulnerabilities such as Improper Input Validation, Use of Hard Coded Credentials have been discovered in
Philips' Equipment- PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs. Successful exploitation of these vulnerabilities
could allow buffer overflows, or allow an attacker to access and modify settings on the device.

Multiple vulnerabilities such as Path Traversal, Improper Authentication have been discovered in
Tridium's Equipment- Niagara. Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.

Multiple vulnerabilities such as Improper Privilege Management, Unquoted Search Path or Element have been discovered in
Philips' Equipment- Philips’ IntelliSpace Cardiovascular (ISCV) products. Successful exploitation of these vulnerabilities could
allow an attacker with local access and user privileges to the ISCV/Xcelera server to escalate privileges on the ISCV/Xcelera server and execute arbitrary code.

Incorrect Default Permissions vulnerability has been discovered in
Siemens' Equipment. Successful exploitation of this vulnerability may allow
an attacker with local file write access to manipulate files and cause a denial-of-service condition,
or execute code both on the manipulated installation as well as devices configured using the manipulated installation.

Cleartext Transmission of Sensitive Information vulnerability has been discovered in
Siemens' Industrial Products Equipment. Successful exploitation of this vulnerability
could result in unencrypted data being transmitted by the SSL/TLS record layer.

Multiple vulnerabilities such as Insufficient Verification of Data Authenticity, Storing Passwords in a Recoverable Format have been discovered in
Medtronic's Equipment- MyCareLink Patient Monitor. Successful exploitation of these vulnerabilities may allow an attacker with physical access
to obtain per-product credentials that are utilized to authenticate data uploads and encrypt data at rest.

Multiple vulnerabilities such as Stack-based Buffer Overflow, Out-of-Bounds Read have been discovered in
Delta Electronics' Equipment- CNCSoft and ScreenEditor. Successful exploitation of these vulnerabilities could allow an attacker to gain remote code execution with administrator privileges.

Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow have been discovered in
WECON's Equipment- LeviStudioU. Successful exploitation of these vulnerabilities could allow an attacker to execute remote code.

Information Exposure Through an Error Message vulnerability has been discovered in
Johnson Controls' Equipment- Metasys and BCPro.
Successful exploitation of this vulnerability could allow an attacker to
obtain technical information about the Metasys or BCPro server, allowing an attacker to target a system for attack.

Use of Password Hash With Insufficient Computational Effort vulnerability has been discovered in
Davolink's Equipment- DVW-3200N. Successful exploitation of this vulnerability may result in a
remote attacker obtaining the password to the device.

Stack-based Buffer Overflow vulnerability has been discovered in
AVEVA's Equipment- InduSoft Web Studio and InTouch Machine Edition.
The listed products are vulnerable only if the TCP/IP Server Task is enabled.
A remote attacker could send a carefully crafted packet during a tag, alarm,
or event related action such as read and write, which may allow remote code execution.

Resource Exhaustion vulnerability has been discovered in
Moxa's Equipment- NPort 5210, 5230, 5232.
Successful exploitation of this vulnerability could allow a
remote attacker to send TCP SYN packets, causing a resource
exhaustion condition that would cause the device to become unavailable.

Improper Input Validation has been discovered in
ABB's Equipment- Panel Builder 800.
An attacker could exploit the vulnerability by tricking
a user into opening a specially crafted file, allowing the attacker
to insert and run arbitrary code. This vulnerability requires
user interaction, and the exploit is only triggered when a
local user runs the affected product and loads the specially crafted file.

Multiple vulnerabilities such as Cross-site Scripting, Unrestricted
Upload of File with Dangerous Type, and Incorrect Permissions for Critical Resource have been discovered in
WAGO's Equipment- e!DISPLAY Web-Based-Management (WBM).
Successful exploitation of these vulnerabilities could allow an attacker
to execute code in the context of the user, execute code within the user’s
browser, place malicious files within the filesystem, and replace existing files to allow privilege escalation.

Multiple vulnerabilities such as Incorrect Default Permissions, XXE, Resource Exhaustion have been discovered in
SEL's Equipment- Compass and AcSELerator Architect. Successful exploitation of these vulnerabilities could allow
modification/replacement of files within the Compass installation directory, disclosure of information, or denial of service.

Multiple vulnerabilities such as Use of Hard-coded Credentials, Missing Authentication for Critical Function have been discovered in
Universal Robots' Equipment- Robot Controllers. Successful exploitation of these vulnerabilities could allow a remote attacker to run
arbitrary code on the device.

Use of Hard-coded Password and Exposed Dangerous Method or Function vulnerabilities
have been discovered in Medtronic's Equipment- MyCareLink Patient Monitor.
If exploited, these vulnerabilities may allow privileged access to the monitor’s operating system.

Improper Input Validation vulnerability has been discovered in
Rockwell Automation's Equipment- Allen-Bradley CompactLogix
and Compact GuardLogix. Successful exploitation of this vulnerability
could result in a denial-of-service condition.

Multiple vulnerabilities such as Stack-Based Buffer Overflow, Out-of-Bounds Read
have been discovered in Natus Xltek NeuroWorks software. Successful exploitation
of these vulnerabilities requires access to the Natus customer network, and could
crash the device being accessed; a buffer overflow condition may allow remote code execution.

Unquoted Search Path or Element vulnerability has been discovered in
Rockwell Automation Equipment- RSLinx Classic and FactoryTalk Linx Gateway.
Successful exploitation of this vulnerability could allow an authorized,
but non-privileged local user to execute arbitrary code and allow a threat
actor to escalate user privileges on the affected workstation.

Multiple vulnerabilities such as Improper Authentication, Information Exposure, Stack-based Buffer Overflow
have been discovered in Philips' Equipment- IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors.
Successful exploitation may allow an attacker to read/write memory, and/or induce a denial of service through
a system restart, thus potentially leading to a delay in diagnosis and treatment of patients.

Multiple vulnerabilities such as Improper Authentication, Improper Restriction of XML External Entity Reference, Relative Path Traversal
have been discovered in GE's Equipment- MDS PulseNET and MDS PulseNET Enterprise. Exploitation of these vulnerabilities may allow
elevation of privilege and exfiltration of information on the host platform.

Hard-coded Credentials vulnerability has been discovered in Yokogawa's Equipment- STARDOM Controllers.
Successful exploitation of this vulnerability could allow an attacker to gain access to the affected device,
which could result in remote code execution.

Multiple vulnerabilities such as Improper Access Control, Insufficiently Protected Credentials
and Unprotected Storage of Credentials have been discovered in BeaconMedaes Equipment-
TotalAlert Scroll Medical Air Systems web application. Successful exploitation of these vulnerabilities
could allow an attacker to view and potentially modify some device information and web application setup information.

Multiple vulnerabilities such as Heap-based Buffer Overflow,
Improper Restriction of Operations within the Bounds of a Memory Buffer
and Open Redirect have been discovered in Schneider Electric's Equipment-
Floating License Manager. Successful exploitation of these vulnerabilities could
cause a denial of service, allow arbitrary execution of code with system level privileges, or send users to arbitrary websites.

Product UI does not Warn User of Unsafe Actions vulnerability has been discovered in BD Kiestra and InoqulA systems.
Successful exploitation of this vulnerability may lead to loss or corruption of data.

Multiple vulnerabilities such as Missing Authentication for Critical Function, Resource Exhaustion and
Cross-Site Scripting have been discovered in Martem's TELEM-GW6/GWM. Successful exploitation of these
vulnerabilities could allow execution of unauthorized industrial process control commands, denial of service, or client-side code execution.

Missing Encryption of Sensitive Data vulnerability has been discovered in Medtronic N'Vision Clinician Programmer.
Successful exploitation of this vulnerability may allow an attacker with physical access to an 8870 N’Vision Compact Flash card to access information.

Vulnerability in PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi has been discovered.
Successful exploitation of this vulnerability could cause the device to reboot and change its state, causing the device to become unavailable.

Improper Input Validation vulnerability has been discovered in Siemens' SINAMIC S7-400 CPU.
Successful exploitation of this vulnerability could cause a denial-of-service condition of the CPU.
The CPU will remain in DEFECT mode until a manual restart is performed.

Multiple vulnerabilities such as Execution with Unnecessary Privileges, Exposure of Resource to Wrong Sphere and
Use of Hard-coded Credentials have been discovered in Philips Brilliance CT Scanners. Successful exploitation of
these vulnerabilities may allow an attacker to attain elevated privileges and access unauthorized system resources,
including access to execute software or to view/update files including patient health information (PHI), directories,
or system configuration.

Multiple vulnerabilities such as Improper Input Validation and Stack-based Buffer Overflow have been discovered in Lantech IDS 2102.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the system through crafting malicious input.

Reusing a Nonce Vulnerability has been discovered in Certain BD Pyxis Products.
Successful exploitation of this vulnerability could allow data traffic manipulation,
resulting in partial disclosure of encrypted communication or injection of data.

Vulnerabilities such as OS Command Injection and Cleartext Transmission of Sensitive Information have been discovered in Vecna's VGo Robot.
Successful exploitation of these vulnerabilities could allow an attacker to capture firmware updates through network traffic and could
allow remote code execution on the VGo Robot, a mobile robotic assistant.

File and Directory Information Exposure Vulnerability has been discovered in Siemens SIMATIC WinCC OA Operator IOS App.
Successful exploitation of this vulnerability could allow an attacker with physical access to read sensitive data located in the app’s directory.

Multiple vulnerabilities such as Improper Authentication and Improper Restriction of
Power Consumption have been discovered in Abbott Laboratories' Implantable Cardioverter
Defibrillator (ICD) and Cardiac Synchronization Therapy Defibrillator.
Successful exploitation of these vulnerabilities may allow a nearby attacker to
gain unauthorized access to an ICD to issue commands, change settings, or otherwise
interfere with the intended function of the ICD.

Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability has been
discovered in Schneider Electric's Triconex Tricon, model 3008. Successful exploitation of
these vulnerabilities could misinform or control the Safety Instrumented System which could
result in arbitrary code execution, system shutdown, or the compromise of safety systems.

Vulnerabilities such as Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer,
Use of Externally-Controlled Format String have been discovered in Allen-Bradley Stratix 5900 Services Router.
Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or
integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure.

Vulnerabilities such as Improper Input Validation, Resource Management Errors, Improper Restriction of Operations within the Bounds of a Memory Buffer,
Use of Externally-Controlled Format String have been discovered in Allen-Bradley Stratix and ArmorStratix Switches.
Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity
caused by memory exhaustion, module restart, information corruption, and/or information exposure.

Permission, Privilege, and Access Control vulnerability has been discovered in certain Yokogawa CENTUM series, Exaopc, B/M9000 CS and B/M9000 VP products.
Successful exploitation of this vulnerability may allow a local attacker to generate false system or process alarms, or block system or process alarm displays.

Multiple vulnerabilities such as Improper Authentication and Missing Encryption of Sensitive Data have been discovered in
ATI Emergency Mass Notification Systems. Successful exploitation of these vulnerabilities could trigger false alarms.

Improper Check or Handling of Exceptional Conditions vulnerability has been found in LAquis SCADA software versions 4.1.0.3391 and prior.
Successful exploitation of this vulnerability can cause the device to crash, resulting in a structured exception handler overflow condition,
which may allow code execution.

Improper Input Validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to cause
a denial-of-service condition on the remote and local communication functionality of the affected products.
A system reboot is required to recover.

Stack-based Buffer Overflow, Use of Hard-coded Credentials, Use of a Broken or Risky Cryptographic Algorithm vulnerabilities.
Successful exploitation of these vulnerabilities could allow a remote unauthorized attacker access to the file transfer service
on the device, which could result in arbitrary code execution or malicious firmware installation.

Improper Access Control vulnerability in Siemens SIMATIC WinCC OA UI Mobile App.
This vulnerability could be exploited by an attacker who tricks an app user into
connecting to a malicious WinCC OA server. Successful exploitation of this vulnerability
could allow an attacker to read and write data from and to the app’s project cache folder.

Multiple vulnerabilities in Geutebruck IP Cameras. Successful exploitation of these vulnerabilities
could lead to proxy network scans, access to a database, adding an unauthorized user to the system,
full configuration download including passwords, and remote code execution.

Improper Input Validation vulnerability in Siemens SIMATIC, SINUMERIK, and PROFINET IO.
Successful exploitation of this vulnerability could result in a denial-of-service condition
requiring a manual restart to recover the system.

Nortek Linear eMerge E3 Series Command Injection Vulnerability.
Successful exploitation of this vulnerability could allow a remote attacker to execute malicious code on the system with
elevated privileges, allowing for full control of the server.

WAGO PFC200 Series Improper Authentication vulnerability. Successful exploitation of this vulnerability could
allow a remote attacker unauthorized access to the PLC to perform operations on the file system without authentication.

An uncontrolled search path element vulnerability in Vyaire Medical’s CareFusion Upgrade Utility application.
Successful exploitation of this vulnerability may allow an attacker to insert a malicious DLL on the target system and run arbitrary code.

Fuji Electric Stack-based Buffer Overflow vulnerability.
Successful exploitation of this vulnerability could allow a
remote attacker to view sensitive information and disrupt the availability of the device.

Multiple vulnerabilities were reported in Mozilla Firefox.
A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can bypass security controls on the target system.
A remote user can spoof URLs. Mozilla Thunderbird is affected. Remediation: Red Hat has issued a fix.

Two vulnerabilities were reported in ASUS Routers.

Cisco has released software updates to address a vulnerability in its IOS XR Software
Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series.

Cisco has released a security update to address a vulnerability in its Adaptive Security
Appliance software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

Lenovo has released security updates to address a vulnerability affecting Enterprise Network Operating System (ENOS) firmware.
An attacker could exploit this vulnerability to obtain sensitive information.

A major security flaw has been detected in computer chips manufactured by major
OEMs over the last two decades. The security flaws are named "Meltdown" and "Spectre".
They allow an attacker to gain access to protected data in computer memory.

Oracle has released its Critical Patch Update for January 2018 to address 237 vulnerabilities
across multiple products. A remote attacker could exploit some of these vulnerabilities to obtain access to sensitive information.

The Internet Systems Consortium (ISC) has released updates or workarounds that address vulnerabilities
in versions of ISC Dynamic Host Configuration Protocol (DHCP) and Berkeley Internet Name Domain (BIND).
A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities.
An attacker could exploit one of these vulnerabilities to take control of an affected system.

VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon,
vRealize Operations for Published Applications, Workstation, Horizon View Client, and Tools.
A remote attacker could exploit these vulnerabilities to take control of an affected system.

Multiple vulnerabilities were reported in Microsoft Edge. A remote user can cause arbitrary code to be
executed on the target user's system. A remote user can bypass cross-domain security controls on the target
system. A remote user can obtain potentially sensitive information on the target system.

Advantech has released WebAccess Version 8.3 to address the reported vulnerabilities.
Successful exploitation of these vulnerabilities could cause the device to crash. An attacker may be able to further exploit this condition to
remotely execute arbitrary code or bypass authentication.

A set of security vulnerabilities, known as Meltdown and Spectre, affects modern computer processors.
Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.